Camouflage

The last two blogs discussed attacks and one approach for determining adequate defense expenditure. We already know the thieves’ budget (see http://paymentnetworks.blogspot.com/2014/05/security-and-payment-hubs.html ).  The last blog peeked at low hanging fruit by examining one way to increase throughput by reducing gates (creating a html tag based standard for data transmission from personal electronic device to a secure point of presence shares the cost across all segments of the payment data transport industry,  just saying). Now, I want to address a method of attack within the taxonomy of attacks (namely intercept of payer data) that also seems like a good place to spend defense dollars. I want to address what I call a camouflage attack.

I think a definition is on order. For the purposes of this blog a camouflage attack is unauthorized data residing within a payment hub used to intercept payer data. To determine the presence of the attack I created data radar.  Let M be a known static area of memory within a payment hub and J be a bit mask image taken of M within a Time T. I can then express a bogie (B) on the radar as:

And if B > | J | + ∆ its time to alert a human, STAT!

Next Blog: A General Defensive Budget